[Github] jenkins-infra alumni team

26 views
Skip to first unread message

Olblak

unread,
Mar 25, 2021, 5:55:16 AM3/25/21
to Jenkins Infrastructure, Jenkins Developers ML
Hi Everybody,

I am currently collecting feedback about the best way to manage user access to the Jenkins-infra GitHub organization and more specifically for people who don't contribute anymore (whatever the reason).

I recently review user permissions on the Github Jenkins infrastructure organization and we have 53 people with different kinds of permission. A lot of them stepped back or just don't actively contribute anymore.
This brings unneeded risk to the Github organization as they have change permissions even though a lot of them don't need those permissions anymore. Differently said, It doesn't make sense to take the risk that a compromised account introduces changes in our git repositories if that account doesn't need privileged access anymore.

So I am proposing to create a new "team" named alumni which would have read-only permissions on every public repository.
This would bring the following benefits

  1. We would still be able to assign individual alumni group member PR or Issues as knowledge experts.
  2. Alumni team members will have the "jenkins-infra" badge on their GitHub user profile as a way to highlight their past contribution.
  3. If for some reason a malicious user get access to one of the alumni account, that attacker won't be able to merge PR which reduces the risk on the GitHub organization.
  4. Of course, once a contributor get more active, we can still remove him from alumni group and grant him more permission
Any thoughts?
Without any feedback, I'll wait one week, starting from this email, before implementing my plan.

Cheers,

Olivier

--
  Olblak



Arnaud Héritier

unread,
Mar 25, 2021, 6:09:41 AM3/25/21
to Jenkins Developers, Jenkins Infrastructure
+1

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/946e9c82-73ce-4365-bd14-0cc17d2c4d69%40www.fastmail.com.


--
Arnaud Héritier
Twitter/Skype : aheritier

Oleg Nenashev

unread,
Mar 25, 2021, 6:17:30 AM3/25/21
to Jenkins Infrastructure, Jenkins Developers ML
+1. I suggest we do the same for the jenkinsci organization.
We have quite a number of core maintainers who have stepped down. They are still the org members, but having a team for these contributors would be helpful.

On Thu, Mar 25, 2021 at 11:15 AM Carlos Tadeu Panato Jr <cta...@gmail.com> wrote:
+1

--
You received this message because you are subscribed to the Google Groups "Jenkins Infrastructure" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkins-infr...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/jenkins-infra/946e9c82-73ce-4365-bd14-0cc17d2c4d69%40www.fastmail.com.

--
You received this message because you are subscribed to the Google Groups "Jenkins Infrastructure" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkins-infr...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/jenkins-infra/CAOxYG4z%3D1%3D%2BA32RN41mUR2xDnGX3NANp%2B%2BmvX%2BNS2_1KdnkShQ%40mail.gmail.com.

Mark Waite

unread,
Mar 25, 2021, 12:16:12 PM3/25/21
to Jenkins Developers
+1 from me.

Rick

unread,
Mar 25, 2021, 9:11:58 PM3/25/21
to jenkin...@googlegroups.com, Jenkins Developers
+1 from me



--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/7719a88f-ee56-465a-a44e-67867c473cb2n%40googlegroups.com.

YanJun Shi

unread,
Mar 28, 2021, 9:13:43 AM3/28/21
to jenkin...@googlegroups.com
+1 from me



--
Shi Yanjun(yJunS)

Oleg Nenashev

unread,
Mar 29, 2021, 8:15:30 AM3/29/21
to Jenkins Developers
I went ahead and created a team in the jenkinsci org https://github.com/orgs/jenkinsci/teams/alumni 
I will move some of the known inactive contributors there.

Olblak

unread,
Mar 29, 2021, 9:12:47 AM3/29/21
to Jenkins Developers ML
Thanks everybody for your feedback, I'll create that team and start moving people there

Olblak

unread,
Mar 30, 2021, 5:40:50 AM3/30/21
to Jenkins Infrastructure, Jenkins Developers ML
Hi Everybody,
I made few changes to the Jenkins-infra GitHub organization.

**jenkins-infra/alumni**
I created the alumni team here, feel free to reach out if I put the wrong person there and I'll revert it or if I am missing someone.

**Repository permission**
Several teams had "admin" permission and I switched that to "maintain"

I started reviewing team repository permission and while I made few changes, I still have pending work but feel free to suggest teams that should or should not have a specific repository access

Cheers
Reply all
Reply to author
Forward
0 new messages